Michael Thomas wrote:
FWIW, I don't think that t=testing is at all helpful either.
+1 It also muddies the water for the Authentication-Results,
if they map e.g. "strict deny" to "hardfail" and "all process"
to "softfail" there's nothing left for any "strict testing".
It's that sort of subjective state that we should both learn
from SPF and avoid.
Yes, IMO the SOFTFAIL "testing" wasn't a good idea, one of the
many SPF battles I lost. Some folks really like it, a FAIL is
a difficult decision for the known reasons wrt SPF or PRA.
A "strict deny" SSP is also a difficult decision. But this
"testing" loohole doesn't help receivers, a sender policy (or
a published signing practice) must make sense for *receivers*.
NOTE WELL: This list operates according to